(1) Field of the Invention
The present invention relates to a communication method used between a terminal belonging to a virtual group comprised of a plurality of terminals connected to one another via a general network and another terminal whose relation with the group is unknown. More particularly, the present invention relates to an authentication method for performing authentication between the terminal and the other terminal in situations such as when the other terminal joins the group and when the other terminal wishes to obtain information it requires from the terminal belonging to the group.
(2) Description of the Related Art
The number of user terminals enjoying a variety of network services on the Internet has been increasing at an accelerated rate thanks to reductions in the prices of Internet access devices and connection fees, as well as to a wider variety of connection devices and the improvement in the speed of communications. At around the time when the commercial application of the Internet first started, most of the Internet services were one-way services in which ordinary users download information from the servers of information providers, by using their own terminals. At present, however, such information providers are not limited to a certain type of people, as there are an increased number of users wishing to transmit their privately-owned information (e.g. text data, still picture data, sound data, and moving picture data), many of whom place their information on WWW (World Wide Web) servers so that other users can view such information.
Methods in which such information providers provide information are roughly divided into two: information providers (1) operate their own servers to provide information; and (2) upload information they wish to provide onto servers that accept information on a free or chargeable basis.
Furthermore, there is an increasing demand for sharing privately-owned information only among a plurality of terminals owned by specific users (to be referred to as “group” hereinafter) such as friends, family members and those who have the same hobby, rather than transmitting information to general user terminals. As a major method in response to such a demand, there is a method utilizing an authentication server (which may be the server of an information provider) on which a set of a user ID and password (to be also referred to as “group list” hereinafter) of a user who has been permitted to join a group is registered, and a decision is made as to whether or not to permit such user to share information in the group, by verifying the set of the user ID and password inputted from a user terminal.
Also, when a formed group is made public, membership to the group is solicited from general users by registering information about the group (i.e. the category of the group, member information, and conditions for membership) on the authentication server. Then, the general users know about the registered group by accessing the authentication server, and obtain information required for joining the group. Many of the groups intended for having communications over networks (e.g. chat, BBS, and mailing list) let the public know about them in the above manner.
In a case such as the one described above where an information provider stores information on a server, and an information user accesses the server through his/her terminal (so-called client-server model), the following problems arise: when an information provider operates a server on his/her own,
(1) A high degree of knowledge is required: a technical knowledge on servers, networks and so forth is required, making it difficult for general users to operate servers of their own;
(2) Costly: operation cost is required for making a server dedicated to providing information in operation all the time, other than costs for equipment and software;
(3) There are limitations on the capacity of servers regardless of whether a service is chargeable or free: since there is a limitation on the information storage capacity of a server in many cases (in a case of servers which impose charges for information usage on information users, it is possible to relax limitations on capacity by making such information users bear most of the costs), and therefore, only a limited number of people can be information providers;
(4) Privacy leakage: there is a possibility that information stored on a server may be leaked to a third person due to some sort of accident even when an information provider is trustworthy, and therefore, it is difficult to protect privacy in a perfect manner; and
(5) Reliability as an open issue to be addressed: no information can be provided or shared at all when a server becomes inaccessible due to some sort of trouble.
The above-listed “limitations on capacity” does not pose a problem when an information provider can recover all costs incurred for providing information by obtaining an income in compensation for providing information. However, it is impossible to recover such costs when general users disseminate information or share information among user terminals.
As a solution to the above-listed problems that arise when information is shared in a communication of a client-server model as mentioned above, a peer to peer (to be referred to as “P2P” hereinafter) model has been a recent focus of attention. A “P2P” model is a communication method in which information is not concentrated on a server but is directly sent/received to and from an information provider and an information user when required, and therefore can serve as a solution to the above-listed problems (for example, refer to Keiichi KOYANAGI, P2P—New Century of the Internet (P2P Internet no shin-seiki), Ohmsha Ltd, 2002).
FIG. 1 is a conceptual diagram showing the flow of processing in a case where information is transferred among user terminals participating in a P2P model network (to be referred to as “P2P network” hereinafter). Assume that each user terminal (more specifically, terminals A–F) in FIG. 1 knows the existence of at least one other terminal participating in the P2P network. For example, the terminal A knows the terminals B and F, the terminal B knows the terminals A, C and D, the terminal D knows the terminals B and E, the terminal E knows only the terminal D, and the terminal F knows the terminals A and C, respectively. Here, assume that a user of the terminal A wishes to obtain certain information in the above state. In order to receive information that the user of the terminal A requires, the user needs to make a search required for specifying the terminal of another user who possesses such information.
Regarding the instructions of the user, the terminal A sends, to the terminals B and F, a request indicating that the user of the terminal A wishes to search for a user terminal having the above information (to be referred to as “search request” hereinafter). Next, the terminals B and F relay the search request sent from the terminal A to the user terminals they respectively know, and further to the user terminals known to the user terminals that terminals B and F know (S1501). Then, user terminals that have information satisfying the search request (the terminals C and E in this case) directly notify the terminal A that they have such information (S1502 and S1503). The terminal A selects the terminal E based on a certain sort of judgment criteria, and the information is directly transferred from the terminal E to the terminal A in the end (S1504). Of course, both the terminals C and E may directly transfer such information to the terminal A.
Accordingly, the above problems (1)–(5) with the client-server model can be solved as described below:
(1) A high degree of knowledge on server operation is not required, since there is no need for operating a server;
(2) Cost for operating or using a server is not required;
(3) Since the information recipient A receives information directly from the information sender E, limitations on the amount of information to be transferred are imposed only on a local recording capacity of the terminal E, meaning that there is virtually no limitation on capacity;
(4) Since information is not transferred via a third person other than the terminals A and E, information privacy can be protected if the communication between the terminals A and E is encrypted by using an existing technique; and
(5) It is possible for the terminal A to obtain necessary information from the terminal C, even when the terminal E is not on the network (in offline state).
Meanwhile, when a user wishes to participate in a group formed on the P2P network, and to share privately-owned information among other group members, the following requirements (A) and (B) need to be satisfied (due to the fact that there is no authentication server in this case):
(A) A user wishing to join the group needs to obtain information about the group using some method or other;
(B) User terminals of group members need to authenticate one another to confirm if they really participate in such group, when information is to be shared among such group members.
First, let us think about the requirement (A).
An information search method of the above-mentioned P2P model can be used to obtain information about the group. By making a search which is required for obtaining information about the group on the P2P network, it is possible to obtain the group information on the network without needing to use an authentication server.
First, a user is required to obtain (1) information for identifying the group on the network and (2) information about the attribute of the group and the like that is indicative of which category such group belongs to, and then (3) information indicating where to be connected in order to participate in the group.
The above information (1) is an ID and the like assigned to the group by which the group can be uniquely identified. The above information (2) is the group category, its intention, requirements for participating the group, and the like. Finally, the information (3) is IP addresses, port numbers and the like of group members which are required for actually making an access to such group members.
In the following, the above information (1) is referred to as “group identification information”, the information (2) is referred to as “group attribute information” and the information (3) is referred to as “entry point information”. Moreover, the information (1) and (2) are collectively referred to as “group information”.
First, a user obtains group identification information and group attribute information by means of a search, and decides whether or not to join the group by referring to the obtained group attribute information. When deciding to join the group, the user searches for entry point information of the group so as to obtain the entry point information. When this is done, the user specifies which entry point information in the group is needed, according to the previously obtained group identification information. When obtaining the entry point information, the user then needs to go through the procedure for joining the group by making an access to the entry point indicated by such entry point information. When the above processing is performed by the use of the search method of the P2P network, two problems arise because of the fact that the group information is not managed by an authentication server.
The first problem is the falsification of the group information. As shown in FIG. 2, assume that there are three groups G1, G2, and G3 on the network. Here, the terminal A of the user A specifies a condition α which should be satisfied by a group that the user A wishes to join, and searches for group information on the P2P network (S3101).
Next, upon receipt of the search request from the terminal A, the terminals B and F belonging to the group G2 judge whether the group information of their group matches the condition α specified by the terminal A. In an example shown in FIG. 2, since the group G2 does not satisfy the condition α, the terminals B and F transfer the above search request to the user terminals they respectively know. Subsequently, the terminals C and D of the group G1 that satisfy the condition α notify the terminal A of group identification information DI1 and group attribute information AI1 they possess (S3102 and S3103).
Accordingly, the user A of the terminal A comes to know the existence of a group that satisfies the condition α s/he specified, and therefore obtains an opportunity to participate in such group.
As shown in FIG. 3, however, it is easy to falsify group information on the P2P network. The user A in FIG. 3 specifies the condition α which should be satisfied by a group the user A wishes to join, using the terminal A, and searches for group information on the P2P network, as in the case of FIG. 2 (S3201).
In response to this search, there is a possibility that fraudulent responses are returned in the following manner:
(1) A person who responds to the search falsifies group attribute information of its own group
For example, assume the following case; the user B of the terminal B sends, to the terminal A as a response to the search request, not group attribute information AI2 but group attribute information AI1 of another group which satisfies the condition α, out of the group information of the group to which the user B belongs (S3202). In this case, there is a possibility that the user A will join the group G2 which does not satisfy the condition α which s/he specified.
(2) A person who responds to the search uses group identification information of another group and falsifies group attribute information of such group
For example, assume the following case: the user E of the terminal E uses group identification information DI1 of another group, and fakes such group attribute information AI4 that satisfies the condition α so as to send the fake group attribute information to the terminal A (S3203). As a result, there arises a possibility that the user A obtains false group attribute information of the group G1, and that false group attribute information AI4, which is not the group attribute information of the G1, is disseminated as such. Similarly, the same kind of falsification can take place when a search is made for entry point information.
Here, referring to FIG. 2, an explanation is given of the flow of processing for searching for entry point information, utilizing the information search method of the P2P network.
First, the user A specifies a condition α and group identification information of a group whose entry point information s/he wishes to obtain so as to make a search. Users C and D who belong to a group identified by such specified group identification information return their own entry point information as a response to the above search via their respective terminals.
In this case, too, it is easy for the above users who return a response to make a fraudulent response because of the fact that the group identification information and corresponding entry point information are not managed together by a server. In such a case, a fraudulent response is assumed to be made in the following manner:
(3) A person who responds to the search uses group identification information of another group and falsifies entry point information of such group. For example, it is possible for the terminal E to falsify entry point information and therefore return the entry point information of the terminal B in response to a search made by the terminal A for obtaining entry point information of the group G1. In this case, there is a possibility that the terminal A will join the group G2, which is not the group G1, and therefore, the member B of the group G2 is forced to deal with a wrong access made by the terminal A.
Of the above three fraudulent responses, the response (1) can take place in communications of a client-server model, but the responses (2) and (3) are more likely to take place in P2P environments. Since group identification information and corresponding group attribute information, and group identification information and corresponding entry point information are not managed by a server, a malicious user can make a fraudulent response by tampering with and transmit fake group attribute information and entry point information.
With the existing information search method of the P2P network, it is not possible to ascertain the validity of the above response. This is because anyone can make a response to a search made by a searcher in the existing search method of the P2P network.
The second problem is concerned with the uniqueness of a group. When a group is managed by an authentication server in a collective manner, it is easy to create an identifier for discriminating one group from another by the use of an authentication server. By using such an identifier as group identification information, a user can uniquely identify a group whose information s/he wishes to obtain.
On the P2P network, however, anyone can form a group freely and therefore it is not easy to determine an identifier for uniquely making a distinction between other groups. For example, assume that the user A forms a group and assigns an identifier G1 to such group, after which the user B forms another group and assigns the same identifier G1 to such group. In this case, another user C cannot discriminate between the user A's group and the user B's group using the identifier G1. More importantly, since a case is assumed where the user B will intentionally use the same identifier as that of the user A's group, the second problem cannot be solved by just using identifiers. Thus, what should be used as group identification information is one of the biggest issues in a case where groups are operated on the P2P network.
In order to solve the first and the second problems described above, it is possible to use a method in which information about a group and users is managed on an authentication server and actual data transfer is carried out in a P2P system. Such method, which is known as hybrid P2P, is one of the solutions to the above-mentioned problems (3) and (4) with client-server model. With this method, it is possible to protect group information from falsification, allowing group uniqueness to be easily assured.
Next, let us think about the requirement (B).
Referring to FIG. 4, an explanation is given of existing methods and the problems thereof.
As shown in FIG. 4, the first existing method is a method in which each user terminal in the group holds the same group list as one owned by an authentication server in the client-server model. In FIG. 4A, the user terminals A, B and C have their respective group lists on which the terminals A, B and C are described as the user (member) terminals making up the group (members). For example, when the user terminal C lets the other terminals (terminals A and B) know its user ID and password, the terminals A and B compare such user ID and password with the user ID and password described in their respective group lists. If the result of such comparison shows that the user ID and password presented by the terminal C match the user ID and password described on the group lists of the terminals A and B, the terminal C is authenticated as a group member, and is allowed to share information among the terminals A, B and C. Therefore, a user terminal X, which is not a group member, cannot know the user IDs and passwords described in the group list, and thus, the user terminal X is not allowed to share information among the terminals A, B and C. Accordingly, the privacy of the group comprised of the terminals A, B and C is protected.
However, there is a problem with the first existing method. Assume that the terminal A or the terminal B lets a terminal D join the group as a new member while the terminal C is in an offline state. In such a case, as shown in FIG. 4B, the user ID and password of the newly added terminal D are added to the group list of the terminals A, B and D, which enables them to share the group list with the same contents. However, since the terminal C is in an offline state at this point of time, it is impossible for the terminal C to update its group list. Next, assume the case where the terminals A and B are in offline state and only the terminals C and D are participating in the network (in an online state) (FIG. 4C). In this case, the terminal C cannot authenticate the terminal D as a group member since there is no description about the terminal D in the group list of the terminal C, making it impossible for information to be shared between the terminals C and D despite the fact that they are members of the same group (although there is a description about the terminal D in the group list of the terminal D, the terminal C cannot trust such description because of the possibility that the terminal D has tampered with the group list). In other words, there is a problem with the first existing method in that synchronization cannot be maintained among group lists possessed by the respective user terminals.
The second existing method to circumvent this problem is a method in which only a specified member holds a group list and such specified member makes changes in group members on the group list and performs authentication concerning a participation status of the user terminals in the group.
However, when hybrid P2P is employed in response to the requirement (A), the problems (1), (2) and (5) with the client-server model cannot be solved.
Furthermore, regarding the requirement (B), the second existing method has a problem in that, when the above-described specified member is in an offline state, the other members cannot authenticate with each other. In FIG. 4D, for example, assume that the terminal A is the above-described specified member, and the terminals B and C are the other group members. When the terminal A is in an online state, it is possible for the terminal B to authenticate the terminal C as a group member by making an inquiry about the terminal C to the terminal A. As shown in FIG. 4E, however, since the terminal B fails to make an inquiry to the terminal A when the terminal A is in an offline state, the terminal B cannot authenticate the terminal C, making it impossible for information to be shared between the terminals B and C, despite the fact that they are members of the same group.
As described above, when wishing to share information within a group on the P2P network that is capable of solving the problems of the client-server model, the following problems occur:
(1) There is a possibility that synchronization cannot be maintained among group lists possessed by the respective user terminals, in which case authentication cannot be performed even among members of the same group; and
(2) If a specified member responsible for holding the group list is in offline state, the other members cannot authenticate with one another as members of the group.
Meanwhile, in a public key encryption system such as PKI, authentication is generally performed between terminals by the use of expired participants lists distributed from a specified server. Users make an access, via their terminals, to a server that distributes expired participant lists at the time of authentication or on a specified date, so as to update their respective expired participant lists possessed by their terminals.
However, since there is no server on the P2P network which is in operation all the time, it is impossible, with the above method, to obtain an expired participant list when the manager terminal is in an offline state.
As shown in FIG. 5A, a possible method which addresses this problem is one in which the manager A who prepared the expired participant lists broadcasts new expired participant lists to the terminals of all the group members via the terminal A. However, since the terminals of the group members are not always in an online state, the terminal X of the member X in an offline state cannot obtain an expired participant list as shown in FIG. 5B.
Furthermore, as shown in FIGS. 5C and 5D, if the terminal A enters in to an offline state before the terminal X, which failed to obtain an expired participant list, enters in to an online state, it is impossible for the terminal X now in the online state to make an access to the terminal A, and therefore, the terminal X cannot obtain an expired participant list after all, as shown in FIG. 5D.